Three-level IT baseline security system ISKE
The goal of implementing ISKE is to ensure a security level sufficient for the data processed in IT systems. The necessary security level is achieved by implementing the standard organisational, infrastructural/physical and technical security measures.
It is an information security standard that is developed for the Estonian public sector. According to Government Regulation no. 273 of 12 August 2004, ISKE is compulsory for state and local government organisations who handle databases/registers. The first version of the ISKE implementation manual was completed by October 2003.
The preparation and development of ISKE is based on a German information security standard – IT Baseline Protection Manual (IT-Grundschutz in German) – which has been adapted to suit the Estonian situation.
A three-level baseline system means three different sets of security measures for three different security requirements have been developed (different databases and information systems may have different security levels).
The system of security measures for information systems (unofficial translation, .pdf, 253 KB), Regulation No 252 of the Government of the Republic of 20.12.2007.
Simplified process for the implementation of ISKE
- Mapping databases
- Mapping information systems and other information assets
- Identifying links between databases, information systems and other information assets
- Identifying the required security class and level for databases
- Identifying the required security class and level for information systems and other information assets
- Identifying the typical modules, which comply with information systems, and other information assets
- Identifying the required security measures for information systems and other information assets.
Information security is an ongoing process, which is aimed at ensuring the confidentiality, integrity and availability of data and assets. The goal is to find a balance between these three components.
Presentation on ISKE (.pdf, 277 KB)